[tor-relays] clarification on what Utah State University exit relays store ("360 gigs of log files")
Dave Warren
davew at hireahit.com
Fri Aug 14 02:23:08 UTC 2015
On 2015-08-13 19:00, Aaron Hopkins wrote:
> I try to avoid storing any raw per-flow data to disk. At the scale I'm
> operating, I can't store it for very long, and walking through it
> again is
> too slow. If I wanted to throw more hardware at netflow log processing,
> it's at least possible to do, though. Of the people I've heard doing
> this,
> they are mostly paranoid companies (not ISPs) who want to be able to
> trace
> security incidents after the fact.
I was surprised how many companies had enough traffic to retroactively
determine whether HEARTBLEED had previously been exploited. Neat, but
scary.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
More information about the tor-relays
mailing list